Vulnerability CVE-2018-16869: Information

Description

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16869
Published: Dec. 3, 2018
Modified: Feb. 3, 2023
Error type identifier: CWE-203

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
nettlesisyphus3.4.1-alt13.9.1-alt1ALT-PU-2018-2797-1217427Fixed
nettlep103.4.1-alt13.7.3-alt1ALT-PU-2018-2797-1217427Fixed
nettlep93.4.1-alt13.4.1-alt1ALT-PU-2018-2797-1217427Fixed
nettlep83.4.1-alt13.4.1-alt1ALT-PU-2018-2975-1217493Fixed
nettlec10f13.4.1-alt13.7.3-alt1ALT-PU-2018-2797-1217427Fixed
nettlec9f23.4.1-alt13.4.1-alt1ALT-PU-2018-2797-1217427Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869
  • Issue Tracking
  • Third Party Advisory
http://cat.eyalro.net/
  • Technical Description
  • Third Party Advisory
106092
  • Broken Link
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:nettle_project:nettle:*:*:*:*:*:*:*:*
      End including
      3.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top